The present invention relates to remote authentication of fingerprints over an insecure network using client-server architecture. It generally relates to the problem of authenticating a person based on that person's fingerprint, and more specifically to the problem of achieving such authentication by means of communication over an insecure network or channel in such a manner that an eavesdropper who intends to later impersonate the user does not gain any advantage by obtaining a transcript of the communication involved in the process of authentication.
Business processes often require authentication of one or more business entities. At the same time, digital technology has also given rise to new applications for authentication, such as of computer users, credit-card users and so forth. There is an increasing use of various biometrics in such authentication processes. With the widespread use of networking, many of these applications involve authentication over a communication network, where several security- and privacy-related issues arise. With this spread in networking, biometrics has moved from simple desktop implementations to network-authentication systems, involving firewalls and multiple operating platforms. Fingerprints constitute the most popular among the biometrics in use. One of the most important weaknesses of current biometric authentication mechanisms lies in the digital representation of the biometric indicator. If the digital representation of the biometric is made available to a network intruder during an authentication process, the security of the business process may be permanently compromised, since a biometric indicator is generally unique to begin with (i.e., each of us has only one left thumbprint). Unlike passwords, one cannot keep changing the biometric in use. All prior art methods of fingerprint authentication over a network involve sending the digital representation of all or some part of the fingerprint in some form, which, if deciphered, could reduce the offered security to an unacceptably low level, thus disrupting the business method.
The use of encryption is one response to the need for security and privacy in communication. More specifically, such methods involve the use of coding or encryption in the transmission of data, and are secure only as long as such coding or encryption is not broken by an adversary.
Some inventions describing various techniques for enabling the use of biometrics for authentication over a network are given below:
In U.S. Pat. No. 5,917,928: System and method for automatically verifying identity of a subject, certain reference segments are obtained from a reference image, and then during the verification process, the reference segments are used to select a portion of the presented image for pixel-by-pixel comparison with the reference image.
In WO035135A1: SECURE SYSTEM USING CONTINUOUSLY-CHANGING FEATURES OF A BODY PART AS A KEY, a portion of the fingerprint image is transmitted for each verification, and the transmitted portion changes from one verification to the next. This is to ensure that an eavesdropper only acquires a portion of the image each time.
In WO9825385A1: METHOD AND SYSTEM FOR IMPROVING SECURITY IN NETWORK APPLICATIONS (Also U.S. Pat. No. 6,076,167), biometric information is used to authenticate a user at the beginning of a communication session, but it is assumed that a secure channel is available to transmit such information. More specifically, the communication between the two parties is encrypted.
WO9812670A1: BIOMETRIC IDENTIFICATION SYSTEM FOR PROVIDING SECURE ACCESS proposes a device for capturing and transmitting encoded biometric information to a receiver for various applications.
U.S. Pat. No. 6,038,666: Remote identity verification technique using a personal identification also proposes to use biometric data for authentication, but it also proposes the transmission in encrypted form (that is, the security of the invention relies upon the security of the channel of communication).
All these inventions rely on the use of encryption for security during authentication. However, there are several situations where security needs may not be fully met by encryption. Firstly, encryption has certain costs in terms of processing speed, computing power and cost of equipment, and these costs may be either a barrier or an avoidable burden in many applications. Secondly, the use of encryption may place a burden of remembering keys, keeping keys secure and using encryption in a secure and non-compromising fashion upon the user. Technically non-proficient and potentially forgetful or careless users give rise to several security weaknesses. Finally, relying totally upon the security of a network requires the user to trust the providers of the encryption machinery, keys and other encryption infrastructure, means of communication, etc. In addition to being a security concern, such trust may not be desirable when some or all of these parties may have conflicts of interest with the user.
There is, therefore, a need for a means of fingerprint-based authentication that can operate in a secure and trustworthy fashion over a communication channel or network that does not guarantee the security or privacy of communication. In this invention we propose a system and method for such authentication. It achieves two purposes: high-accuracy authentication using fingerprints, and not revealing the fingerprint (or essential information related to the fingerprint) while carrying out that authentication.
The object of this invention is to provide an improved system and method for authentication using fingerprints.
A second object of this invention is to provide an improved system and method of authentication using fingerprints with increased security.
A third object of this invention is to provide an improved system and method for authentication using fingerprints without revealing the fingerprint.
Another object of this invention is to provide an improved system and method of authentication using fingerprints where the authenticating party, called the server, and the party to be authenticated, called the user, communicate with each other remotely over a communication channel or network.
Yet another object of this invention is to provide an improved system and method of secure authentication using fingerprints where the server and the user communicate over an insecure communication channel or network.
A further object of this invention is to provide an improved network-based business method where business partners can be authenticated securely even when the security of the network has been compromised.
To achieve the said objectives the invention provides a method for enabling the remote authentication of fingerprints over an insecure network using a client-server architecture, comprising:
transmitting the identity of the fingerprint source to the server,
retrieving the fingerprint pattern data of the fingerprint source from the fingerprint database at the server,
transmitting a set of queries, each of which is derived from a randomly selected set of fingerprint pattern elements in said fingerprint pattern, to said client,
comparing the received set of queries against the observed fingerprint pattern at the client,
transmitting the identities of those queries to the server for which a match is observed by the client provided at least a defined minimum number of queries are verified,
generating a set of challenges pertaining to defined physical relationships between fingerprint pattern elements in the identified queries,
transmitting said challenges to said client,
responding to said challenges based on observed fingerprint patterns at the client, and
confirming authentication provided at least a defined minimum proportion of responses are determined to be correct by the server.
The said identities are the indices of those queries for which a fingerprint pattern match is observed by said client.
Each of the said queries consists of geometric information about the corresponding randomly selected set of fingerprint pattern elements.
Each of said queries consists of distances between pairs of fingerprint pattern elements.
Each of the said queries consists of the distances from a chosen fingerprint pattern element to each of the other fingerprint pattern elements.
The said distance is the Euclidean distance or the Ridge-Count distance between said two points, or a Cartesian pair of values, the two values being the Euclidean and the Ridge-Count distances respectively.
Each of the said challenges pertains to a geometric relationship between fingerprint pattern elements in the identified queries.
The said client attempts to maximize the number of correct responses to said challenges.
The minimum number of matches to said queries is 3 and said challenges are constructed by grouping the elements of said identified or matched queries into ordered 3-tuples each containing one element respectively from the 3 identified queries, the correct response to which is the angle formed by connecting the 3 points in said 3-tuple in a predefined sequence.
In order to make the protocol more robust to noisy inputs, the minimum number of matches to said queries is increased to 6 and said challenges are constructed by picking 6 pattern elements, one from each query, and selecting 4 angles formed by these 6 elements, chosen in a manner devised not to reveal any useful information about said fingerprint to an eavesdropper.
In order to improve security, said queries are transmitted as pairs of vectors with the second vector in the pair being permuted in accordance with a secret permutation known only to said client and said server, with the client de-permuting said vector of each query prior to processing.
To improve accuracy by rejecting spurious patterns, said server acquires several images of the fingerprint of the user at the time of registration; said fingerprint patterns are considered pairwise, the fingerprint pattern elements present in one image are matched with corresponding elements in the other, and only those elements that match are stored in said fingerprint database at the server.
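As an added illustration, not part of the patent's disclosure, the following Python simulation runs the query and challenge exchange described above end to end: the server sends distance-only queries derived from random subsets of the enrolled pattern, the client reports the indices of the queries it can reproduce, the server issues ordered 3-tuple angle challenges once at least 3 queries match, and accepts when the proportion of correct responses meets the threshold. It uses Euclidean distances only, omits the secret permutation and the ridge-count variant, and the minutia coordinates, tolerances and thresholds are constructed assumptions.

```python
import math
import random
# Constructed sample data (not from the patent): minutiae enrolled at the server,
# a live image of the same finger offset by the sensor, and an impostor's finger.
ENROLLED = [(10, 10), (50, 15), (90, 40), (30, 60), (78, 88), (12, 98), (55, 50)]
GENUINE = [(x + 5.3, y - 2.6) for x, y in ENROLLED]
IMPOSTOR = [(10, 10), (20, 10), (30, 12), (12, 22), (22, 25), (31, 21), (19, 16)]
TOL = 0.5          # tolerance for distances (units) and angles (degrees)
Q_SIZE = 4         # elements per query: one anchor plus three others
MIN_MATCHES = 3    # matched queries required before challenges are issued
MIN_CORRECT = 0.8  # proportion of correct responses required to accept

def dist(p, q):
    return math.hypot(p[0] - q[0], p[1] - q[1])

def angle_at(a, b, c):
    """Unsigned angle ABC in degrees; unchanged by the sensor offset."""
    v1, v2 = (a[0] - b[0], a[1] - b[1]), (c[0] - b[0], c[1] - b[1])
    n = math.hypot(*v1) * math.hypot(*v2)
    if n == 0: return float("nan")  # coincident points: no angle, never counts as correct
    return math.degrees(math.acos(max(-1.0, min(1.0, (v1[0] * v2[0] + v1[1] * v2[1]) / n))))

def server_queries(pattern, n_queries, rng):
    """Query = distances from a random anchor to other random elements; only these are sent."""
    subsets = [rng.sample(range(len(pattern)), Q_SIZE) for _ in range(n_queries)]
    return subsets, [[dist(pattern[s[0]], pattern[j]) for j in s[1:]] for s in subsets]

def client_match(observed, queries):
    """Per query, find an anchor and points in the live image that reproduce its distances."""
    matched = {}
    for qi, dists in enumerate(queries):
        for anchor in observed:
            pts = [anchor]
            for d in dists:  # greedily take an unused point at each queried distance
                pts += [p for p in observed if p not in pts and abs(dist(anchor, p) - d) <= TOL][:1]
            if len(pts) == Q_SIZE:  # every distance reproduced: this query matches
                matched[qi] = pts
                break
    return matched

def run_protocol(enrolled, observed, seed, n_queries=6, n_challenges=10):
    rng = random.Random(seed)  # seeded only so the run is reproducible here
    subsets, queries = server_queries(enrolled, n_queries, rng)
    matched = client_match(observed, queries)
    ids = sorted(matched)[:MIN_MATCHES]  # indices of matched queries, sent to the server
    if len(ids) < MIN_MATCHES:
        return False
    # Challenge: one element position from each of the 3 matched queries, in order; the
    # correct response is the angle at the middle point of the resulting 3-tuple.
    cands = [(i, j, k) for i in range(Q_SIZE) for j in range(Q_SIZE) for k in range(Q_SIZE)
             if len({subsets[q][e] for q, e in zip(ids, (i, j, k))}) == 3]
    challenges = rng.sample(cands, min(n_challenges, len(cands)))
    correct = sum(abs(angle_at(*[enrolled[subsets[q][e]] for q, e in zip(ids, ch)])
                      - angle_at(*[matched[q][e] for q, e in zip(ids, ch)])) <= TOL
                  for ch in challenges)
    return correct / len(challenges) >= MIN_CORRECT
```

Everything that crosses the wire in this run is a list of distances, a list of query indices, element positions and angles; an eavesdropper sees no minutia coordinates.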
The instant invention also provides a system for enabling the remote authentication of fingerprints over an insecure network using a client-server architecture, comprising:
means for transmitting the identity of the fingerprint source to the server,
means for retrieving the fingerprint pattern data of the fingerprint source from the fingerprint database at the server,
means for transmitting a set of queries, each of which is derived from a randomly selected set of fingerprint pattern elements in said fingerprint pattern, to said client,
means for comparing the received set of queries against the observed fingerprint pattern at the client,
means for transmitting the identities of those queries to the server for which a match is observed by the client provided at least a defined minimum number of queries are verified,
means for generating a set of challenges pertaining to defined physical relationships between fingerprint pattern elements in the identified queries,
means for transmitting said challenges to said client,
means for responding to said challenges based on observed fingerprint patterns at the client, and
means for confirming authentication provided at least a defined minimum proportion of responses are determined to be correct by the server.
The said identities are the indices of those queries for which a fingerprint pattern match is observed by said client.
The means for transmitting queries uses the geometric information about the corresponding randomly selected set of fingerprint pattern elements.
The means for transmitting queries uses the distances between pairs of fingerprint pattern elements.
The said means for transmitting queries uses the distances from a chosen fingerprint pattern element to each of the other fingerprint pattern elements.
The said distance is the Euclidean distance or the Ridge-Count distance between said two points, or a Cartesian pair of values, the two values being the Euclidean and the Ridge-Count distances respectively.
The said means for generating challenges uses a geometric relationship between fingerprint pattern elements in the identified queries.
The said client attempts to maximize the number of correct responses to said challenges.
The minimum number of matches to said queries is 3 and said means for generating challenges groups the elements of said identified matched queries into ordered 3-tuples each containing one element respectively from the 3 identified queries, the correct response to which is the angle formed by connecting the 3 points in said 3-tuple in a predefined sequence.
In order to make the protocol more robust to noisy inputs, the minimum number of matches to said queries is increased to 6 and said means for generating challenges picks 6 pattern elements, one from each query, and selects 4 angles formed by these 6 elements, chosen in a manner devised not to reveal any useful information about said fingerprint to an eavesdropper.
In order to improve security, said means for transmitting queries constructs queries as a pair of vectors with the second vector in the pair being permuted in accordance with a secret permutation known only to said client and said server, with the client de-permuting said vector of each query prior to processing.
To improve accuracy by rejecting spurious patterns, said server, which acquires several images of the fingerprint of the user at the time of registration, includes means for considering said fingerprint patterns pairwise and means for matching the fingerprint pattern elements present in one image with corresponding elements in the other, said server storing only those elements that match in said fingerprint database.
The instant invention further provides a computer program product comprising computer readable program code stored on computer readable storage medium embodied therein for enabling the remote authentication of fingerprints over an insecure network using a client-server architecture, comprising:
computer readable program code means configured for transmitting the identity of the fingerprint source to the server,
computer readable program code means configured for retrieving the fingerprint pattern data of the fingerprint source from the fingerprint database at the server,
computer readable program code means configured for transmitting a set of queries, each of which is derived from a randomly selected set of fingerprint pattern elements in said fingerprint pattern, to said client,
computer readable program code means configured for comparing the received set of queries against the observed fingerprint pattern at the client,
computer readable program code means configured for transmitting the identities of said queries to the server for which a match is observed by the client provided at least a defined minimum number of queries are verified,
computer readable program code means configured for generating a set of challenges pertaining to defined physical relationships between fingerprint pattern elements in the identified queries,
computer readable program code means configured for transmitting said challenges to said client,
computer readable program code means configured for responding to said challenges based on observed fingerprint patterns at the client, and
computer readable program code means configured for confirming authentication provided at least a defined minimum proportion of responses are determined to be correct by the server.
The said identities are the indices of those queries for which a fingerprint pattern match is observed by said client.
The said computer readable program code means configured for transmitting queries uses the geometric information about the corresponding randomly selected set of fingerprint pattern elements.
The said computer readable program code means configured for transmitting queries uses the distances between pairs of fingerprint pattern elements.
The said computer readable program code means configured for transmitting queries uses the distances from a chosen fingerprint pattern element to each of the other fingerprint pattern elements.
The said distance is the Euclidean distance or the Ridge-Count distance between said two points, or a Cartesian pair of values, the two values being the Euclidean and the Ridge-Count distances respectively.
The said computer readable program code means configured for generating challenges uses a geometric relationship between fingerprint pattern elements in the identified queries.
The said client attempts to maximize the number of correct responses to said challenges.
The minimum number of matches to said queries is 3 and said computer readable program code means configured for generating challenges groups the elements of said identified matched queries into ordered 3-tuples each containing one element respectively from the 3 identified queries, the correct response to which is the angle formed by connecting the 3 points in said 3-tuple in a predefined sequence.
In order to make the protocol more robust to noisy inputs, the minimum number of matches to said queries is increased to 6 and said computer readable program code means configured for generating challenges picks 6 pattern elements, one from each query, and selects 4 angles formed by these 6 elements, chosen in a manner devised not to reveal any useful information about said fingerprint to an eavesdropper.
In order to improve security said computer readable program code means configured for transmitting queries constructs queries as pairs of vectors with the second vector in the pair being permuted in accordance with a secret permutation known only to said client and said server, with the client de-permuting said vector of each query prior to processing.
To improve accuracy by rejecting spurious patterns, said server, which acquires several images of the fingerprint of the user at the time of registration, includes computer readable program code means configured for considering said fingerprint patterns pairwise and computer readable program code means for matching the fingerprint pattern elements present in one image with corresponding elements in the other, said server storing only those elements that match in said fingerprint database.